SOC Analyst Training: How to Detect Phishing Emails
Vložit
- čas přidán 14. 06. 2022
- Threat actors frequently use phishing emails in their attacks. As users have gotten more educated about the dangers of opening sketchy emails, threat actors have updated their techniques to make the emails look more legitimate and convincing, increasing their chances of the victims opening them.
Traditionally phishing emails are associated with credential harvesting attacks, but that's not the only goal of these attacks. Adversaries send phishing emails containing malicious links or attachments to deploy malware such as backdoors and ransomware and further exploit the system.
Because emails are widely used, security teams have to deal with large amounts of files, filtering and inspecting them to prevent phishing emails from reaching the end user’s mailbox. To make it even harder, threat actors implement different techniques to evade detection and deliver threats in sneaky ways.
In this webinar we show:
• Overview of the email structure and how investigators can use it to detect and analyze phishing emails
• Attack vectors and techniques using email files
• Learn how Intezer analyzes all types of file attachments, and URLs, helps in phishing attack investigations
• A live demo of analyzing phishing emails using open-source tools. We will work on files that were used in several phishing attacks that eventually infected the victims with backdoors and information-stealing malware
What is a phishing email? 0:17
Types of phishing emails 0:53
Recent attacks 1:28
How email files are used by threat actors 2:16
How to inspect email files 2:46
Email structure 3:58
Email header 4:17
Spoofed emails 7:08
Conversation hijacking 13:10
Inspecting links 16:08
Extract and inspect attachments 18:19
Example 21:55
Q&A 23:54
Free open-source tools for extracting attachments from emails
OutlookAttachView www.nirsoft.net/utils/outlook_...
msg-extractor github.com/TeamMsgExtractor/m...
Eml Extractor github.com/diogo-alves/eml-ex...
UUDWin www.marks-lab.com/
Resources
www.intezer.com/blog/incident...
www.intezer.com/blog/malware-...
www.intezer.com/blog/research...
www.intezer.com/blog/product-...
Scan and analyze URLs automatically with Intezer. Sign up for free account at analyze.intezer.com and request a free 14-day trial to start scanning URLs and any dropped malware. - Zábava
Love this, was a good study tool for InfoSec analyst role interview since I’ve been out for three Months. Just listening pulled me back into the fun day in the life of an analyst. Nice work!
thank you for share the great work
Hi, Nice video. how did you get to the header section?
any website to get some phishing mail samples to practice.
KnowBe4
May I know which plugin you installed on the VS Code for the .eml file analyze? Thanks
This one:
marketplace.visualstudio.com/items?itemName=leighlondon.eml
GOOD